nanog mailing list archives

Re: SRv6


From: mark seery <mark.a.seery () gmail com>
Date: Thu, 17 Sep 2020 08:56:10 -0700

On Sep 17, 2020, at 8:28 AM, Mark Tinka <mark.tinka () seacom com> wrote:

On 16/Sep/20 23:22, Anoop Ghanwani wrote:

It depends on the definition of VPN.  In terms of services like
MPLS-based VPNs, it refers to the extension of a Private network 
over a shared infrastructure, allowing entities using the shared
infrastructure to have their own private address space and routing
tables.

Really, it was just a way to leverage IP networks to make more money.

For operators already offering FR/ATM services, it was a replacement, using the same principles of traffic separation 
over a common infrastructure, without encryption as part of the service. So from that perspective only, it was not much 
of a change for *existing* enterprise customers. 

This community is aware that the responsibility of a network is to ensure that traffic is forwarded to the (originally?) 
intended destination to prevent confidential information being exposed to a third-party. It is in this respect that the 
term “privacy” is often used. So it seems like there is a taxonomy issue here. Perhaps traffic separation is a better term 
than privacy, because while traffic is probabilistically private with respect to other VPN customers (separated with 
some high level of probability), it is not private with respect to the operator (who could intercept it).

Nothing against that, as long as "buyer be aware" applies.

Sure, transparency is good.

I remember 20 years ago at a London IETF where the issue arose, and a food fight arose over who would own and manage 
encryption keys if traffic was encrypted. I don’t recall what the resolution of that debate was.

That said, we live in an era where there is increasing sensitivity to protecting consumer (at least) information. This 
sensitivity exists at multiple layers of the “stack”. So it is an interesting question / issue, and it certainly would not 
be any surprise if governments mandated it in the future, as long as they could intercept it for law enforcement 
purposes of course, and until they could, they probably would not be encouraging operators to encrypt data in any 
difficult-to-crack way (a speculation on my part).

Perhaps all the more reason why end-to-end encryption should be part of the buyer beware conversation (not arguing 
against operator encryption in saying that - privacy is something everyone in I[C]T has to think about today).


Mark.